Senior Associate - Information Security & Information Technology Audit

Roles and Responsibilities :

1. Audit and compliance oversight: Independently conduct comprehensive audits of IT systems, processes, and controls Develop and execute audit plans, report on findings, and ensure robust follow-up Offer expert guidance for addressing identified deficiencies

2. Information security analysis: Regularly perform risk and vulnerability assessments Identify and evaluate the effectiveness of security measures, suggesting improvements Collaborate with stakeholders to integrate security best practices

3. Security policy enhancement: Participate in creating, reviewing, and updating information security policies and procedures Ensure policies stay current and in line with industry regulations

4. Incident response coordination: Aid in developing and maintaining incident response strategies Be involved in incident investigation and preventive recommendation formulation

5. Security awareness promotion: Cultivate a security-conscious culture Create and conduct employee training programs on security awareness

6. Compliance reporting: Compile and deliver compliance reports to regulatory bodies, management, and stakeholders Ensure timely and accurate security and compliance metrics reporting

7. Vendor security management: Assess and monitor the security posture of third-party vendors Ensure vendor compliance with organizational security standards

8. Analysis of emerging threats: Keep abreast of new threats, vulnerabilities, and industry advancements Recommend and implement measures to counteract emerging security risks

9. Strategic planning and implementation: Develop and implement strategic plans for enhancing security and audit processes Coordinate with departments to align security and audit strategies with organizational goals

10. Regulatory landscape navigation: Update on regulatory changes and adjust security practices Liaise with regulatory bodies for compliance readiness

11. Technology integration and optimization: Recommend new technologies to strengthen the security posture Oversee the integration of security technologies into existing systems

12. Data protection and privacy: Ensure the protection of sensitive data through governance and privacy practices Work with data management teams to strengthen data security

13. Stakeholder engagement and reporting: Engage with stakeholders to discuss security and audit findings Prepare detailed reports and presentations for senior management and board members

14. Continuous process improvement: Identify and implement process improvements in security and audit practices Implement best practices for enhanced efficiency and effectiveness

15. Crisis management and emergency response: Lead crisis management related to information security incidents Lead emergency response activities, ensuring minimal operational impact